yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
20540 commits 89 branches 205 tags 114 MiB
Commit graph

6858 commits

Author SHA1 Message Date
Gilles Peskine 76851ae3a6 Add warnings to test code and data about storage format stability 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-20 19:10:35 +02:00
Gilles Peskine 36aeb7f163
Merge pull request #5834 from mprse/HKDF_1 
HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms
 2022-06-20 15:27:46 +02:00
Werner Lewis 12657cdcc6 Remove binary int use 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-20 11:57:35 +01:00
Werner Lewis 90c46c376b Use consistent test case names 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-20 11:53:17 +01:00
Werner Lewis b3acb053fb Add mbedtls_x509_dn_get_next function 
Allow iteration through relative DNs when X509 name contains multi-
value RDNs.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-17 16:40:55 +01:00
Dave Rodgman eb8570f174 Fix missing newline 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-06-17 14:59:36 +01:00
Dave Rodgman 5cab9dafb7 fix whitespace 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-06-17 13:48:29 +01:00
Dave Rodgman 57080461f7 Add test-case for checking curve order 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-06-17 13:42:40 +01:00
Ronald Cron d28f5a98f1 ssl-opt.sh: Add certificate key usage tests for TLS 1.3 
Those are adaptations of the already existing
TLS 1.2 tests. It is not really possible to just
remove the TLS 1.2 dependency of the existing tests
because of the following:
. in TLS 1.3 the ciphersuite selection on server
  side is not related to the server certificate
. for tests involving OpenSSL the OpenSSL command line
  as to be adapted to TLS 1.3
. server authentication is mandatory in TLS 1.3
. a key with KeyEncipherment and not DigitalSignature
  usage is never acceptable

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-17 08:46:27 +02:00
Ronald Cron ca3c6a5698
Merge pull request #5817 from xkqian/tls13_add_server_name 
Tls13 add server name
 2022-06-16 08:30:09 +02:00
Gilles Peskine 6194053feb ASN.1: test that we can parse what we can write 
In asn1_write tests, when there's a parsing function corresponding to the
write function, call it and check that it can parse what we wrote.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-15 21:17:25 +02:00
Gilles Peskine b7e215f6bc Fix copypasta in test data 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-15 21:16:42 +02:00
Andrzej Kurek ca35f5bed0 test_suite_ssl: Use a zero fragment offset in a test with a too short record 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-15 07:19:40 -04:00
Ronald Cron 4ccd226cbf
Merge pull request #5864 from xkqian/tls13_add_comprehensive_cases 
Tls13 add comprehensive cases
 2022-06-15 09:18:11 +02:00
Przemek Stekiel 6c9fd61565 exercise_key_agreement_key: add special handling for HKDF_EXPAND 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-14 14:41:42 +02:00
Andrzej Kurek 7cf872557a Rearrange the session resumption code 
Previously, the transforms were populated before extension
parsing, which resulted in the client rejecting a server
hello that contained a connection ID.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-14 08:26:19 -04:00
Przemek Stekiel d898745f70 exercise_key_agreement_key: provide SALT for HKDF_EXTRACT 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-14 11:41:52 +02:00
XiaokangQian 3ed16231ab Refine server side SNI test cases 
Change-Id: Icdc91ed382e81702e3b46645d3ce3534e62d4a13
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-14 08:24:04 +00:00
Jerry Yu b7c12a466f Refactor compat scripts 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-12 20:53:02 +08:00
Gilles Peskine 2c2730a372 ASN.1 write tests: test with larger buffer 
Test with the output buffer size up to *and including* the expected output
size plus one. `... < expected->len + 1` was evidently a mistake.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-10 20:15:44 +02:00
Gilles Peskine 321a08944b Fix bug whereby 0 was written as 0200 rather than 020100 
0200 is not just non-DER, it's completely invalid, since there has to be a
sign bit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-10 20:13:33 +02:00
Gilles Peskine c9a30fba74 Add MPI write tests when the MPI object has a leading zero limb 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-10 20:13:07 +02:00
Gilles Peskine 0ab804a794 Fix mismatch between test data and test description 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-10 20:12:25 +02:00
Gilles Peskine d8579b7673 Uncomment mbedtls_asn1_write_mpi tests with leading 1 bit 
mbedtls_asn1_write_mpi() correctly handles the sign bit, so there's no
reason not to test that it's handled correctly.

Fix copypasta in test data that was commented out.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-10 20:10:37 +02:00
XiaokangQian 9b938b7c37 Share code with base class in generate_tls13_compat_tests.py 
Change-Id: I4540bdff7072cdb9bcc9fdb0799c4165ca381b2a
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-10 07:06:32 +00:00
XiaokangQian fb1a3fe7f3 Address comments about python syntax 
CustomizedGitHooks: yes
Change-Id: I5c4d39789df802d0b839061ce8c59ad241917d0b
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-10 02:27:52 +00:00
Gilles Peskine ae25bb043c Fix null pointer dereference in mpi_mod_int(0, 2) 
Fix a null pointer dereference when performing some operations on zero
represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or
mbedtls_mpi_write_string() in base 2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-09 19:32:46 +02:00
XiaokangQian b1847a234e Re-structure to share more common code 
Change-Id: I5034485f7511238d083c2725fbef8818d33ffb07
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-09 02:53:23 +00:00
Andrzej Kurek ed4d217874 Add missing test dependencies for cookie parsing 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-08 11:57:57 -04:00
Andrzej Kurek 078e9bcda6 Add the mbedtls prefix to ssl_check_dtls_clihlo_cookie 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-08 11:47:33 -04:00
Paul Elliott 271c3052fb
Merge pull request #5892 from AndrzejKurek/ssl-opt-client-kill-fix 
Fix a bug with executing ssl-client2 in ssl-opt.sh in a subshell
 2022-06-08 14:27:01 +01:00
Dave Rodgman 11930699f1
Merge pull request #5827 from wernerlewis/time_utc 
Use ASN1 UTC tags for dates before 2000
 2022-06-08 13:54:19 +01:00
Paul Elliott 5f2bc754d6
Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests 
Pr/add-tls13-moving-state-tests
 2022-06-08 13:39:52 +01:00
XiaokangQian 96287d98d8 Remove the certificate key check against the received signature 
Change-Id: I07d8d46c58dec499f96cb7307fc0af15149d9df7
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-08 08:37:53 +00:00
XiaokangQian 9850fa8e8d Refine ssl_tls13_pick_cert() 
Change-Id: I5448095e280d8968b20ade8b304d139e399e54f1
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-08 07:02:41 +00:00
Przemek Stekiel b088a900f4 test_suite_psa_crypto_storage_format: disable KA(ECDH,HKDF_EXTRACT/EXPAND...) test cases 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-07 15:34:18 +02:00
Przemek Stekiel d9e1287e64 crypto_config_test_driver_extension.h add HKDF_EXTRACT/EXPAND algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-07 14:19:39 +02:00
XiaokangQian 23c5be6b94 Enable SNI test for both tls12 and tls13 
Change-Id: Iae5c39668db7caa1a59d7e67f226a5286d91db22
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-07 09:43:13 +00:00
Ronald Cron 00e5eaad62 test: ssl: Remove more TLS 1.2 dependencies in handshake state tests 
That way the concerned tests are also run in the
TLS 1.3 only configuration where a TLS 1.3
handshake is performed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-07 11:14:01 +02:00
Ronald Cron bdddaef9bb test: ssl: Enable client authentication in handshake state tests 
The endpoint initialization function was setting up
a certificate but the client certificate was not
used because client authentication was not enabled
(not enabled in the default SSL server configuration).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-07 11:13:49 +02:00
Dave Rodgman 4b55a89327
Merge pull request #5887 from tom-daubney-arm/mbedtls_x509_crt_ext_types_accessor 
Add accessor for x509 certificate extension types
 2022-06-06 21:51:38 +01:00
Andrzej Kurek cfb01948c8 Add cookie parsing tests to test_suite_ssl 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-06 15:29:15 -04:00
Andrzej Kurek 140b589ec6 Fix a bug with executing ssl-client2 in ssl-opt.sh in a subshell 
When executing eval in the background, the next "$!" gives the
eval PID, not the ssl-client2 pid. This causes problems when
a client times out and the script tries to kill it. Instead, it
kills the parent eval call.
This caused problems with subsequent proxy tests receiving
old packets from a client from a previous test.
Moving the "&" to inside the eval call fixes the problem.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-06 15:02:36 -04:00
Thomas Daubney 5c9c2ce86d Add correct test dependencies 
Functions called within the test mean that MBEDTLS_X509_CRT_PARSE_C
is a test dependency and so is declared in this commit.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-06-06 16:36:43 +01:00
Thomas Daubney a5f39e0ec2 Move accessor definition 
Move the definition of the accessor so that it is not defined
within the MBEDTLS_X509_CRT_WRITE_C guards. Thus remove the
dependency from the test and test cases.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-06-06 15:42:32 +01:00
Przemek Stekiel 221391b3d2 generate_psa_tests.py: REVERT adapt OpFail test generator for HKDF-Exract/Expand algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-06 11:26:43 +02:00
Przemek Stekiel 66867731aa derive_output tests: fix output key length to be consistent with teh description 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-06 11:26:02 +02:00
Przemek Stekiel cde3f783f5 Make info valid only after secret for HKDF-EXPAND + adapt tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-06 11:26:02 +02:00
Przemek Stekiel 0586f4c4ea Make salt mandatory for HKDF-EXTRACT + adapt tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-06 11:25:43 +02:00
Jerry Yu 6994e3e0c2 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-06 11:50:49 +08:00
Przemek Stekiel 0e99391afe derive_output test: fix output key bit length 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:15 +02:00
Przemek Stekiel 3e8249cde0 Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:15 +02:00
Przemek Stekiel f0f0bd068b test_suite_psa_crypto_metadata: add test cases for the HKDF-Extract/Expand algorithms 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:15 +02:00
XiaokangQian 129aeb9b0e Update test cases and support sni ca override 
Change-Id: I6052acde0b0ec1c25537f8dd81a35562da05a393
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-02 09:29:18 +00:00
Werner Lewis acd01e58a3 Use ASN1 UTC tags for dates before 2000 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-01 16:24:28 +01:00
Jerry Yu f2d32e6c3d fix tls13_only test fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-01 18:05:18 +08:00
Thomas Daubney 3ff4fc6997 Add test data 
Add two test cases for accessor test. One test where desired
ext type is presentent and the other of when the ext type is
not present.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-06-01 10:23:50 +01:00
Thomas Daubney bd5466ab7e Add test for accessor 
Add test logic for accessor.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-06-01 10:23:50 +01:00
Jerry Yu 7bf3358a2d Remove duplicated tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-01 16:55:17 +08:00
Jerry Yu 1443537da3 fix test fail when WANT_READ/WRITE returned 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-01 15:53:31 +08:00
XiaokangQian f4f0f6961a Enable requires_openssl_tls1_3 in sni test cases 
Change-Id: I71fbabe0b2ff80d5f1f15ae7df2b048503ccf965
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-01 00:42:27 +00:00
XiaokangQian ac41edfc5e Enable requires_gnutls_tls1_3 in sni test cases 
Change-Id: Iea18f4e6a6b4c6b90612b43a5bcd396cdd506335
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-31 13:22:13 +00:00
Jerry Yu 66537f40b6 fix certificate request fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 19:53:05 +08:00
Jerry Yu 1e7c438b67 remove tls1.3 dependancy 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 19:51:38 +08:00
Gilles Peskine 09858ae664
Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa 
Deprecate mbedtls_cipher_setup_psa()
 2022-05-31 10:56:52 +02:00
XiaokangQian 2ccd97b8ef Change test case name to sni 
Change-Id: I8f6e68deab71cc49741cbdf233cf876e29683db9
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-31 08:30:17 +00:00
Jerry Yu 66adf3155c Update comments 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:23:29 +08:00
Jerry Yu df0a71a0b0 Add handshake version test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
Jerry Yu b3d86de3ea fix hanshake wrapup fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
Jerry Yu df65b66003 Add handshake over test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
Jerry Yu 85e5c81c37 fix check test cases fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
Jerry Yu d9d049d180 revert dbg config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
Jerry Yu d8c57feaf9 Add moving state test for TLS1.3 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
Jerry Yu 023ff7acb1 Move dependes_on of move handshakes state 
Prepare share move_handshake_state function with
TLSv1.3

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
XiaokangQian d5d5b60c07 Add comprehensive test cases for TLS1.3 server side 
Change-Id: I544cb12b3ffe5edd7d59fa54342ca7db5b5c8a2a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-31 02:51:26 +00:00
XiaokangQian f2a942073e Fix SNI test failure 
Change-Id: Id3fce36af9bc52cac858b473168451945aa974f4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-30 08:07:16 +00:00
XiaokangQian 40a3523eb7 Add support of server name extension to server side 
Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-30 08:07:16 +00:00
XiaokangQian 9a4e1dd8a6 Add back openssl client auth test 
Change-Id: Iea3b70381c3851102c542d1c55c0303bc3a14a92
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:58:11 +00:00
XiaokangQian aca9048b5f Change base on review 
Fix comments
Add test cases for client authentication with empty certificate

Change-Id: Id8a741ddd997ca92e36832f26088eb0e67830ad8
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:47:11 +00:00
XiaokangQian c3017f620f Remove useless guards and refine checking 
Change-Id: I9cd3073826fc65c203e479d83bed72331ff8963d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:47:10 +00:00
XiaokangQian 189ded2b07 Remove coordinate functions and change state machine in server side 
Change-Id: Id4abf78f493e77afc289409db691c9c61acde1d2
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:46:13 +00:00
Paul Elliott 8fba70f66c
Merge pull request #5749 from yuhaoth/pr/add-tls13-finished-message-and-wrapup 
TLS 1.3: Add Finished Message and wrapup
 2022-05-25 12:02:06 +01:00
Jerry Yu 5491f857d2 skip openssl client auth test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-23 22:36:16 +08:00
Jerry Yu 090378c685 change exit code of cli auth test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-23 21:03:52 +08:00
Manuel Pégourié-Gonnard 69e348db85
Merge pull request #5833 from superna9999/5826-create-mbedtls-pk-can-do-psa 
Permissions 1: create `mbedtls_pk_can_do_ext()`
 2022-05-23 10:58:32 +02:00
Jerry Yu 7eaadae941 fix no x509 info fail. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-23 16:17:25 +08:00
Neil Armstrong c661ff51c9 Fix pk_can_do_ext tests with non-opaque keys 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 09:49:04 +02:00
Neil Armstrong 5c5b116a49 Add pk_can_do_ext test for non-opaque keys 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-19 18:07:53 +02:00
Paul Elliott 4283a6b121
Merge pull request #5736 from gilles-peskine-arm/psa-raw_key_agreement-buffer_too_small 
Make psa_raw_key_agreement return BUFFER_TOO_SMALL
 2022-05-19 16:06:02 +01:00
Przemek Stekiel 476d9c45b8 Use MBEDTLS_TEST_DEPRECATED only in tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-19 14:11:06 +02:00
Przemek Stekiel fcdd023ba6 derive_output tests: add invalid input secret test for HKDF-Expand 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-19 10:28:58 +02:00
Manuel Pégourié-Gonnard 6ab65e28cf
Merge pull request #5842 from mprse/decrypt_tests 
RSA decrypt 2: TLS 1.2 integration testing
 2022-05-18 12:58:50 +02:00
Jerry Yu 36becb1b81 update hrr tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Jerry Yu a7abc5eaa8 fix ci test fails 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Jerry Yu 155493d4f5 fix openssl test fail. 
different version openssl client return
different output. remove string check
to workaround it

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Jerry Yu 6622049bcc test:add state check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Jerry Yu 4d8567fa9e fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Gilles Peskine 42ed963c72 Update PSA compliance test branch 
Update to a branch with a fix for the test case
"expected error for psa_raw_key_agreement - Small buffer size"
since we just fixed the corresponding bug.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-17 17:23:09 +02:00
Paul Elliott a478441517
Merge pull request #5748 from yuhaoth/pr/add-tls13-write-certificate-and-verify 
TLS1.3:Add Certificate and CertificateVerify message on Server Side
 2022-05-17 15:47:36 +01:00
Neil Armstrong 8eb0afb726 Remove duplicate pk_can_do_ext test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-17 14:58:11 +02:00
Neil Armstrong 408f6a60a3 Add usage parameter to mbedtls_pk_can_do_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-17 14:23:20 +02:00
Neil Armstrong 434d4eb74f Remove invalid comments in pk_can_do_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-17 11:58:22 +02:00
Gilles Peskine 7be11a790d Use TEST_LE_U in some places where it applies 
Systematically replace "TEST_ASSERT( $x <= $y )" by "TEST_LE_U( $x, $y )" in
test_suite_psa_crypto. In this file, all occurrences of this pattern are
size_t so unsigned.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:37:53 +02:00
Gilles Peskine d1465429a2 New test helper macros TEST_LE_U, TEST_LE_S 
Test assertions for integer comparisons that display the compared values on
failure. Similar to TEST_EQUAL.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:33:11 +02:00
Gilles Peskine 3ff25443c8 Separate the validation of the size macros and of the function 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:33:11 +02:00
Gilles Peskine d4a258a08f Improve PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE validation 
We want to check:
1. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE (the output fits
   if the caller uses the key-specific buffer size macro)
2. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE (the output fits
   if the caller uses the generic buffer size macro)
3. PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
   (consistency in the calculation)

We were only testing (1) and (2). Test (3) as well. (1) and (3) together
imply (2) so there's no need to test (2).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:33:11 +02:00
Gilles Peskine 992bee8b6e Test psa_raw_key_agreement with a larger/smaller buffer 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:33:11 +02:00
Przemek Stekiel 8da6da3da2 ssl-opt.sh: add test of RSA Opaque keys with TLS 1.2 server for decryption 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-16 14:37:50 +02:00
Gilles Peskine 9b7e29663f
Merge pull request #4211 from ccawley2011/mingw 
Fix compilation with MinGW32
 2022-05-16 12:30:37 +02:00
Przemek Stekiel e58ca8bb5e Add MBEDTLS_TEST_DEPRECATED dependency 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-13 15:48:41 +02:00
Jerry Yu b89125b81a Add test without server certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-13 15:50:04 +08:00
Przemek Stekiel 61922d1328 Fix mbedtls_cipher_setup_psa() dependencies in tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-12 13:51:51 +02:00
Manuel Pégourié-Gonnard 1cd4f6a873
Merge pull request #5794 from mprse/cipher_dep 
Fix undeclared dependencies: CIPHER
 2022-05-12 13:09:04 +02:00
Manuel Pégourié-Gonnard 4014a0408e
Merge pull request #5617 from gilles-peskine-arm/chacha20-rfc7539-test-vector 
PSA: ChaCha20: add RFC 7539 test vector with counter=1
 2022-05-12 12:34:20 +02:00
Neil Armstrong ce1d2397d2 Add tests for mbedtls_pk_can_do_ext() in test_suite_pktest_suite_pk 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-12 11:53:02 +02:00
Przemek Stekiel da5f483ad8 all.sh: Fix order of CIPHER dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-12 10:42:20 +02:00
Przemek Stekiel 179d74831f all.sh: add build/test config crypto_full minus CIPHER 
Dependency list:

- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_USE_PSA_CRYPTO']

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-12 10:42:20 +02:00
Przemek Stekiel 10f3a601b4 all.sh: add build/test config full minus CIPHER 
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-12 10:42:20 +02:00
Jerry Yu c450566b85 Update client auth tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-12 14:44:59 +08:00
Jerry Yu c8bdbf72d3 test:add state check for certificate and verify 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-12 14:44:59 +08:00
Dave Rodgman 3009a97e00 Minor spelling / grammar improvements 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 21:25:54 +01:00
Andrzej Kurek 5c65c5781f Fix additional misspellings found by codespell 
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L 
keypair,Keypair,KeyPair,keyPair,ciph,nd

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-05-11 21:25:54 +01:00
Shaun Case 8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. 
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 21:25:51 +01:00
Przemek Stekiel 398c503f6f generate_psa_tests.py: adapt OpFail test generator for HKDF-Exract/Expand algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-11 14:05:40 +02:00
Przemek Stekiel 6786a87ccd derive_output tests: add capacity HKDF-Extract/Expand tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-11 12:40:21 +02:00
Przemek Stekiel 2849e0e4d5 derive_output tests: add negative HKDF-Extract/Expand tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-11 12:38:01 +02:00
Przemek Stekiel e1036fbe90 derive_output tests: add positive HKDF-Extract/Expand tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-11 12:34:53 +02:00
Przemek Stekiel ead1bb9987 derive_output test: Adapt for HKDF-Extract/Expand algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-11 12:22:57 +02:00
Manuel Pégourié-Gonnard 5479f5321a
Merge pull request #5772 from superna9999/5762-rsa-decrypt-pk 
RSA decrypt 1a: PK
 2022-05-11 11:01:01 +02:00
Neil Armstrong 814562afaa Switch last TEST_ASSERT() in TEST_EQUAL() in pk_wrap_rsa_decrypt_test_vec() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-11 09:29:57 +02:00
Paul Elliott d1a954d243
Merge pull request #5707 from yuhaoth/pr/add-tls13-write-hello-retry-request 
TLS1.3: Add  HelloRetryRequest Write
 2022-05-10 17:25:33 +01:00
Cameron Cawley ea5496ceb3 Fix compilation with MinGW32 
Signed-off-by: Cameron Cawley <ccawley2011@gmail.com>
 2022-05-10 13:46:09 +01:00
Manuel Pégourié-Gonnard 42650260a9
Merge pull request #5783 from mprse/md_dep_v3 
Fix undeclared dependencies: MD
 2022-05-10 10:41:32 +02:00
Manuel Pégourié-Gonnard 9bbb7bacae
Merge pull request #5791 from superna9999/5788-unify-non-opaque-and-opaque-psks 
Unify non-opaque and opaque PSKs
 2022-05-09 10:15:16 +02:00
Jerry Yu ede50ea891 move hrr tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:09 +08:00
Jerry Yu 23f7a6fc5c share write_body between HRR and ServerHello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:01 +08:00
Jerry Yu cb03677f85 add hrr test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:48:59 +08:00
XiaokangQian a987e1d2f8 Change state machine after encrypted extension and update cases 
Change-Id: Ie84a2d52a08538afb8f6096af0c054bd55ed66cb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian 45c22201b3 Update test cases and encrypted extension state set 
Change-Id: Ie1acd10b61cefa9414169b276a0c5c5ff2f9eb79
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian 2f150e184f Update status and add test cases for client certificate request 
Change-Id: If9b9672540d2b427496b7297aa484b8bcfeb75c5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
Ronald Cron 25b1f5d2b7
Merge pull request #5545 from xffbai/tls13-write-enc-ext 
TLS1.3: add writing encrypted extensions on server side.
 2022-05-06 13:54:45 +02:00
Przemek Stekiel d3ba7367c9 component_test_crypto_full_no_md: fix order of disabled features 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-06 11:41:56 +02:00
Przemek Stekiel fe2367af26 all.sh: add build/test config crypto_full minus MD 
Dependeny list:
- ['MBEDTLS_MD_C']
- ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS1_V15', 'MBEDTLS_PKCS1_V21', 'MBEDTLS_HKDF_C', 'MBEDTLS_HMAC_DRBG_C', 'MBEDTLS_PK_C']
- ['MBEDTLS_ECDSA_DETERMINISTIC', 'MBEDTLS_PK_PARSE_C', 'MBEDTLS_PK_WRITE_C', 'MBEDTLS_RSA_C']

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 12:09:03 +02:00
Przemek Stekiel 1068c224a4 Adapt generated psa no_supported tests for HMAC 
Remove no_supported HMAC generate/import tests when !PSA_KEY_TYPE_HMAC as HMAC key creation works regardless of PSA_WANT_KEY_TYPE_HMAC.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 12:09:03 +02:00
Przemek Stekiel cd204992f2 Fix dependencies in tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 12:09:03 +02:00
Werner Lewis e59a531455 Fix memcpy() UB in mbedtls_asn1_named_data() 
Removes a case in mbedtls_asn1_named_data() where memcpy() could be
called with a null pointer and zero length. A test case is added for
this code path, to catch the undefined behavior when running tests with
UBSan.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-05-04 11:45:06 +01:00
Neil Armstrong cd05f0b9e5 Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong 4c3b4e079c Initialize & free PSA in test_multiple_psks() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Jerry Yu 7c0da07445 Update state check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-03 15:08:54 +08:00
Neil Armstrong b32ae72e27 Add PK Opaque RSA decrypt tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-02 09:14:58 +02:00